
StablR multi-signature has been compromised, can EURR and USDR still be trusted?

链上雷达
2 hours ago

On May 24, 2026, what looked like a multi-signature "configuration error" put StablR in the spotlight. The project targets DeFi and cross-border payments and issues the euro-pegged asset EURR and the dollar-pegged asset USDR, and its minting multi-signature account was attacked. Information disclosed by Blockaid indicated that the attacker likely obtained the private key of one owner of the multi-signature account, and that the account required only 1 of 3 signatures to complete critical operations. That low threshold opened the door to the attack. After obtaining the first key, the attacker exploited this design to replace the other administrators, took over the minting permissions, and then minted approximately 8.35 million USDR and about 4.5 million EURR that were not part of the original issuance plan and collateral system. Several Chinese media outlets estimated that the attacker's profit, or the loss caused, was approximately 2.8 million dollars, and both EURR and USDR de-pegged to varying degrees. Although specific prices were not disclosed, trust in the peg has already been damaged. More critically, the incident exposed an issue more dangerous than price fluctuations: when the minting multi-signature threshold sits as low as 1 of 3, a single point of failure can lead to total loss of control, and the so-called multi-signature is "shared management" in form only, effectively concentrating systemic governance risk on one private key.

Failure of Multi-Signature Threshold: 1/3 Signatures Become a Fatal Gap

On the surface, StablR used a multi-signature account for minting EURR and USDR, which would conventionally be an n-of-m security architecture: the higher the threshold, the lower the system's dependence on any single private key. According to publicly available information, however, this minting multi-signature required only 1 of 3 signatures to complete key management operations, so any one of the three keys could open the door alone. Blockaid reported that the attacker possibly initiated operations directly as a "legitimate signer" after obtaining the private key of one owner, and from the contract's perspective the entire process complied with the expected permission rules.

The low threshold made the subsequent disaster inevitable. With this signing authority in hand, the attacker used the fact that 1 of 3 signatures was enough to execute in order to replace the other administrators, turning the originally balanced multi-party structure into exclusive control and ultimately seizing the minting authority. The multi-signature StablR relied on to safeguard minting rights therefore never formed a real multi-party threshold. It re-concentrated systemic governance risk onto one private key: under such a structure the multi-signature is no longer a safety redundancy but is compressed back into the most vulnerable single key.

Additional Minting of 12.85 Million Tokens, Anchor Relationship Impacted

After taking complete control of the minting multi-signature, the attacker began converting this authority directly into new tokens. According to a single source, approximately 8.35 million USDR were minted out of thin air in this incident, and about 4.5 million EURR were minted through the same path, for a total of around 12.85 million tokens that were not part of StablR's original issuance plan and collateral system. Without a matching expansion of the collateral, a large number of "latecomer" tokens suddenly appeared in the market and circulated alongside the tokens that had been issued under the rules.

For assets pegged to fiat currency, the key requirement is that every token has traceable, auditable asset backing. When the 12.85 million newly minted USDR and EURR lacked corresponding new collateral, the "each token has backing" guarantee for existing holders was directly diluted, and the peg naturally began to weaken. Following the incident, both EURR and USDR de-pegged to varying degrees, and multiple Chinese media outlets estimated the attacker's profit, or the loss caused, at about 2.8 million dollars. For an issuer positioned in DeFi and cross-border payments, a hole of this size is enough to shake external trust in its asset quality and risk control capabilities, and the peg commitment of EURR and USDR has escalated from a technical problem to a credibility issue.

Security Design Imbalance: From Multi-Signature Parameters to Hardware Protection

Multi-signature is never a master key that guarantees safety; it simply shifts risk from a single private key to threshold design and private key management. Common n-of-m multi-signatures use a 2/3 or majority signature threshold so that the theft of any one key does not immediately expose the assets. In StablR's system, however, the minting multi-signature required only 1 of 3 signatures to complete critical operations, meaning that breaching one owner was equivalent to obtaining the entire minting machine. The attacker used this low threshold to first obtain one key and then amplify the permissions step by step by replacing the other administrators, ultimately controlling the minting switch for EURR and USDR.

In industry practice, minting, burning, contract upgrades, and other highly sensitive operations are often placed behind higher-threshold multi-signatures whose signers are distributed across parties in different geographical locations and functional roles. Tools such as hardware wallets and cold storage are also used to keep critical private keys in environments that are as "off-network" as possible. In recent years, multiple attacks on issuers of pegged assets have been traced back to leaked or insufficiently protected privileged private keys, prompting regulators and security audit firms to treat multi-signature thresholds, signer distribution, and hardware protection measures as core items when evaluating similar projects. StablR's low-threshold design sits at the opposite end of these checklists.

Frequency of Permission Attacks on Pegged Assets, Industry Sounds Alarm

Over a longer timeline, StablR is not an isolated case. Briefings indicate that since around 2025, attacks on issuers of pegged assets have noticeably increased, with similar permission or issuer breaches accumulating losses of hundreds of millions of dollars. Many incidents point to the same weakness: a few high-privilege accounts (minting, contract upgrades, cross-chain bridge administration, and so on) concentrated in very few hands. Once the private keys of these accounts leak, attackers do not need to understand complex business logic or engage directly with mature contracts; seizing signing authority alone is enough to rewrite asset issuance and cross-chain flows. This pathway has long been highlighted as a risk source in regulatory and industry discussions.

The StablR incident continued this pattern: the attacker reportedly obtained the private key of one owner of the minting multi-signature account, then used the low-threshold design, in which 1 of 3 signatures completes key operations, to replace the other administrators, take over the minting authority, and mint approximately 8.35 million USDR and about 4.5 million EURR outside the existing collateral and issuance plans. According to several Chinese media reports, the attacker's profit, or the loss caused, was around 2.8 million dollars, and the incident directly triggered the de-pegging of EURR and USDR. Compared with laboriously searching for vulnerabilities in business contracts, seizing concentrated authority and then "legitimately" minting clearly fits attackers' cost-benefit logic better. As long as the industry tolerates such highly centralized authority structures, holders of pegged assets must accept that they are effectively betting on the long-term stability of a very small number of accounts and private key management systems.

After the StablR Incident, What Signals Should Investors Watch

The real question raised by the StablR incident is "who can use the minting multi-signature account, and under what conditions," not "whether to use multi-signatures" at all. When the threshold requires only 1 of 3 signatures and the other administrators can be replaced on-chain, the multi-signature account merely disguises single-point risk as collective decision-making. More troubling still, as of May 24, 2026, publicly available information contains no authoritative figures on the identity or organizational background of the attacker, the number of affected users, or the distribution of funds. StablR has also not clearly announced whether it has suspended minting, whether it plans to compensate holders, or whether it has adjusted the multi-signature parameters. Outside observers cannot even determine whether the attack has been fully contained. In this information vacuum, holders can only monitor several follow-up signals closely. First, whether the on-chain minting authority structure has been rewritten, such as raising the critical-operation threshold from 1-of-3 to a higher threshold. Second, whether the project has publicly engaged third-party security auditors and disclosed their conclusions on the multi-signature structure and authority paths. Third, whether it also improves transparency by regularly disclosing minting and redemption data and the progress of dealing with the affected assets. Only when these specific parameters and processes are materially changed can confidence in EURR and USDR potentially be re-established.
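An added example, not from the original article or from StablR: a small Python replay of the sequence the article describes, run against a 3-owner multisig at threshold 1 and at threshold 2, raising an alert for single-signer execution, owner replacement and mints without new collateral. The owner labels, the event format and the `MIN_SIGNERS` policy are assumptions; the mint amounts are the article's approximate figures.

```python
from dataclasses import dataclass, field

MIN_SIGNERS = 2  # assumed monitoring policy: privileged actions need >= 2 signers

@dataclass
class MintAuthority:
    owners: set
    threshold: int
    alerts: list = field(default_factory=list)

    def apply(self, ev):
        """Replay one event; return True if the multisig would execute it."""
        valid = set(ev["signers"]) & self.owners  # only current owners count
        if len(valid) < self.threshold:
            self.alerts.append((ev["id"], "rejected: below signature threshold"))
            return False
        if len(valid) < MIN_SIGNERS:
            self.alerts.append((ev["id"], f"{ev['type']} executed by a single signer"))
        if ev["type"] == "swap_owner":
            self.owners = (self.owners - {ev["old"]}) | {ev["new"]}
            self.alerts.append((ev["id"], f"owner replaced: {ev['old']} -> {ev['new']}"))
        elif ev["type"] == "mint" and ev["amount"] > ev["new_collateral"]:
            self.alerts.append((ev["id"], f"unbacked mint: {ev['amount']} {ev['token']}"))
        return True

# Constructed log: every action is signed only by owner "A" (the exposed key).
# Mint amounts are the approximate figures reported in the article.
EVENTS = [
    {"id": 1, "type": "swap_owner", "signers": ["A"], "old": "B", "new": "X"},
    {"id": 2, "type": "swap_owner", "signers": ["A"], "old": "C", "new": "Y"},
    {"id": 3, "type": "mint", "signers": ["A"], "token": "USDR",
     "amount": 8_350_000, "new_collateral": 0},
    {"id": 4, "type": "mint", "signers": ["A"], "token": "EURR",
     "amount": 4_500_000, "new_collateral": 0},
]

def replay(threshold):
    """Replay EVENTS against a 3-owner multisig with the given threshold."""
    auth = MintAuthority(owners={"A", "B", "C"}, threshold=threshold)
    executed = [auth.apply(ev) for ev in EVENTS]
    return auth, executed

if __name__ == "__main__":
    for t in (1, 2):
        auth, executed = replay(t)
        print(f"threshold {t}-of-3: executed={executed} owners={sorted(auth.owners)}")
        for alert in auth.alerts:
            print("  ALERT", alert)
```

At threshold 1 every event executes and the owner set ends up without B and C; at threshold 2 the same single-signer events are all rejected and the owner set is unchanged.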
